CVE-2024-23114: 
Java vulnerability analysis and mitigation

A deserialization of untrusted data vulnerability (CVE-2024-23114) was discovered in Apache Camel CassandraQL Component AggregationRepository. The vulnerability affects Apache Camel versions from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, and from 4.1.0 before 4.4.0. Under specific conditions, it is possible to deserialize malicious payload (Apache Advisory, NVD).

The vulnerability is classified as a Deserialization of Untrusted Data (CWE-502) issue. The CVSS v3.1 base score is 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a critical severity level with potential for high impact on confidentiality, integrity, and availability (CISA-ADP).

The vulnerability could allow attackers to execute arbitrary code through malicious deserialization, potentially leading to system compromise. The high CVSS score indicates severe potential consequences if exploited (CISA-ADP).

Users are recommended to upgrade to version 4.4.0, which fixes the issue. For users on the 4.0.x LTS releases stream, upgrading to 4.0.4 is recommended. Users on 3.x versions should upgrade to either 3.21.4 or 3.22.1 (Apache Advisory).